Department of Computer Science and Electrical Engineering

The UMBC Cyber Defense Lab presents

Reasoning About Time in a Crypto Protocol Analysis Tool

Dr. Catherine Meadows, Naval Research Laboratory

12:00–1:00pm Friday, 15 November 2019, ITE 227

The ability to guarantee timing properties, and in turn to use assumption about time to guarantee the security of protocols, is important to many of the applications we rely upon. For example, to compute locations, GPS depends on time synchronization between entities. Blockchain protocols require loose time synchronization to guarantee agreement on block timestamps. Distance-bounding protocols use the roundtrip time of an RF signal to enforce constraints on location. To analyze these types protocols formally, it is necessary to reason about time. This talk describes recent research in extending the Maude-NPA cryptographic protocol analysis tool to reason about cryptographic protocols that rely on or enforce timing properties. We describe the timing model we have created for the tool. We show how we we represent timing properties as constraints, whose solution is outsourced to an SMT solver. We also discuss our experimental results.

Catherine Meadows is a senior researcher in computer security at the Center for High Assurance Systems at the Naval Research Laboratory and heads that group’s Formal Methods Section. She was the principal developer of the NRL Protocol Analyzer (NPA), which was one of the first software tools to find previously undiscovered flaws in cryptographic protocols, and was used successfully in the analysis of a number of protocol standards. She is also leading, or has recently led, a number of projects related to the design and analysis of cryptographic protocols, including one focused the development of an analysis tool, Maude-NPA, that takes into account the the complex algebraic properties of cryptosystems, another that is focusing on the automatic generation of secure cryptosystems, and another devoted to formal methods for the design of cyber-physical systems with legacy components.

This work was supported by ONR 321 ()

Host: Alan T. Sherman, . Support for this event was provided in part by the National Science Foundation under SFS grant 175368. The UMBC Cyber Defense Lab meets biweekly Fridays. All meetings are open to the public. Upcoming CDL Events:

• December 6, Karl Henderson, Verisign
• 9am—5pm daily, January 13-17, UMBC SFS/CySP Research Study, ITE 456
• January 31, 2020, TBA, biweekly CDL talks resume

UMBC faculty poised to help shape national policies in computing

Adam Bargteil, assistant professor of computer science and electrical engineering, has been named chair-elect of the Association for Computing Machinery’s (ACM) Special Interest Group on Computer Graphics and Interactive Techniques (SIGGRAPH). He will lead SIGGRAPH as chair starting Fall 2020.

With Bargteil’s election, UMBC’s College of Engineering and Information Technology (COEIT) now has two faculty members serving as leaders of two of the ACM’s largest special interest groups. Helena Mentis, associate dean for academic programs and learning in COEIT and associate professor of information systems, has been president of the Special Interest Group on Computer-Human Interaction (SIGCHI) since July 2018.

In these leadership roles, Bargteil and Mentis will have an opportunity to shape important policy matters, including redesigning computing education guidelines.

Bargteil’s group, SIGGRAPH, is the leading international society for computing professionals and students in computer graphics and interactive techniques, attracting people from academia, industry, and artistic communities. Bargteil helped create the ACM SIGGRAPH Frontiers program, which highlights emerging fields of research, such as machine learning, medical applications of computer graphics, and autonomous vehicles.

Bargteil plans to continue to empower the SIGGRAPH executive committee to create high-impact programming and opportunities for conversation among members when he is at the helm next year. “I’d like to continue to be proactive, and create more value for the members of SIGGRAPH,” he shares.

Over the summer, Bargteil participated in an intensive leadership program, which he says helped him prepare for his upcoming role in SIGGRAPH. Reflecting on the experience, Bargteil says that he found the selected readings, training exercises in public speaking, and opportunities to connect closely with fellow participants to be valuable for his growth as an emerging leader in computing.

SIGCHI, the group Mentis leads, is the world’s largest association for professionals in human-computer interaction. The group’s main conference attracts more than 3,500 attendees each year, and the SIG sponsors 23 specialized conferences.

Mentis is director of UMBC’s Bodies in Motion Lab, and focuses on how technologies can improve collaboration and coordination in healthcare contexts, from empowering patients to helping surgeons utilize interactive imaging. SIGCHI is a highly multi-disciplinary community that includes researchers and students in fields from sociology to mechanical engineering.

Adapted from an article by Megan Hanks. For additional stories, visit the UMBC News site.

Maryland Public Television’s Charles Robinson reports on how Baltimore continues to recover after city computers were infected with ransomware in the May 2019 Baltimore ransomware attack and interviews Dr. Rick Forno, associate director of the UMBC Center for Cybersecurity and graduate director of UMBC’s Cybersecurity MPS degree program.

From Wikipedia: On May 7th 2019, most of Baltimore’s government computer systems were infected with a new and aggressive ransomware variant named RobbinHood. All servers, with the exception of essential services, were taken offline. In a ransom note, hackers demanded 13 bitcoin (roughly $76,280) in exchange for keys to restore access. The note also stated that if the demands were not met within four days, the price would increase and within ten days the city would permanently lose all of the data.

As of May 13, 2019 all systems remained down for city employees. It is estimated that it will take weeks to recover. According to Mayor Jack Young, US Federal Law enforcement continue to investigate the attack. The attack had a negative impact on the real estate market as property transfers could not be completed until the system was restored on May 20th. However, the restoration of all systems was, as of May 20, 2019, estimated to take weeks more.

Baltimore was susceptible to such an attack due to its IT practices, which included decentralized control of its technology budget and a failure to allocate money its information security manager wanted to fund cyberattack insurance. The attack has been compared to a previous ransomware attack on Atlanta the previous year, and was the second major use of the RobbinHood ransomware on an American city in 2019, as Greenville, North Carolina was also impacted in April.

On October 29 and 30 the National Science and Technology Medals Foundation will host Science Unscripted: Conversations with AI Experts, two early evening events at UMBC from 5:00 to 8:00pm that bring together AI experts to discuss how AI will impact our lives. The events will be held in the Fine Arts Recital Hall with doors open at 5:00 prior to the 5:30 start and will conclude with a reception starting at 7:00pm with food and drinks. Both events are free, but registration is requested.

These events are a part of the NSTMF’s Science Unscripted program. Through the SU program, the Foundation is building an inclusive coalition of inspired STEM students. By highlighting voices often left unheard in the STEM community, we show audiences that there is no “right” way to be a trailblazer in science and technology. Each evening, attendees will have the chance to hear about the lives and experiences of the women and men dedicated to creating smart, socially conscious AI.

Tuesday, Oct. 29: Code-ifying AI is a a discussion about AI policy. A panel including UMBC Professor Cynthia Matuszek, Dr. José-Marie Griffiths and moderated by Rosario Robinson will examine what it will take to govern AI as well as the implications of incorporating AI into our everyday lives. Register on Eventbright.

Wednesday, Oct. 30: Decoding Bias in AI is a panel discussion about implicit bias and how we can create more socially conscious AI with UMBC Professor James Foulds, Loretta Cheeks, Emmanuel Johnson and moderator Deborah Kariuki. Implicit bias remains one of the most prevalent concerns about incorporating AI into the mainstream, and our panel is poised to deliberate the ethics and possible solutions to this issue. Register on Eventbright.

The events will be webcast live with closed-captions on Facebook, and the full event videos will be available on our YouTube channel afterward. Webcast audiences are encouraged to participate in the conversation using #ScienceUnscripted on Twitter, Facebook and Instagram.

Both events are no-cost, equal access (ADA compliant), and open to the public. Save your seat on Eventbrite for day one at Code-ifying AI and for day two at Decoding Bias in AI.

Lockheed Martin Distinguished Speaker Series

How Algorithms Are Shaping Our Lives

Dr. Alfred V. Aho

Lawrence Gussman Professor Emeritus of Computer Science, Columbia University

1:00-2:00pm Thursday, 17 October 2019, ITE 104, UMBC

Dr. Aho will explain what algorithms are and how they have evolved over several millennia. Algorithms are now shaping all aspects of our lives from healthcare to jobs to entertainment. Good algorithms can enrich our lives and unfortunately, bad algorithms can wreak havoc. An important societal question concerning algorithms arises. Should we regulate algorithms so they don’t totally distort our lives, and if so, how should we do it? The fundamental nature of algorithms makes this an unusually difficult challenge.

Alfred Aho joined the Department of Computer Science at Columbia in 1995 and served as Chair of the department from 1995 to 1997, and again in the spring of 2003. He has a B.A.Sc. in Engineering Physics from the University of Toronto and a Ph.D. in Electrical Engineering/Computer Science from Princeton University.

Professor Aho won the Great Teacher Award for 2003 from the Society of Columbia Graduates. In 2014 he was again recognized for teaching excellence by winning the Distinguished Faculty Teaching Award from the Columbia Engineering Alumni Association. He has received the IEEE John von Neumann Medal and is a Member of the U.S. National Academy of Engineering and of the American Academy of Arts and Sciences. He is a Fellow of the Royal Society of Canada. He shared the 2017 C&C prize with John Hopcroft and Jeff Ullman. He has received honorary doctorates from the Universities of Helsinki, Toronto and Waterloo, and is a Fellow of the American Association for the Advancement of Science, ACM, Bell Labs, and IEEE.

Professor Aho is a co-inventor of AWK, a widely used pattern-matching language. He also wrote the initial versions of the UNIX string pattern-matching utilities egrep and fgrep; fgrep was the first widely used implementation of what is now called the Aho-Corasick algorithm. His research interests include programming languages, compilers, algorithms, software engineering, and quantum computation.

Lockheed Martin Distinguished Speaker Series

Three Related Takes on Investigating Human-Like Intelligence:
Cognitive Architectures, a Common Model of Cognition, and Dichotomic Maps

Dr. Paul S. Rosenbloom

Professor of Computer Science and Director of Cognitive Architecture Research, Institute for Creative Technologies
University of Southern California

1:00-2:00pm Friday, 11 October 2019, ITE 325b, UMBC

This talk explores a trio of related takes on how to investigate the nature of human-like intelligence. The first concerns cognitive architectures – implemented models of the fixed structure and processes that yield natural and artificial minds – with a drill down to Sigma, an attempt at a deep synthesis across what has been learned over the past four decades on (what started as) high-level symbolic cognitive architectures versus the low-level graphical/network technologies of probabilistic graphical models (such as Bayesian networks) and neural networks. The second concerns a more abstract attempt at specifying a Common Model of Cognition that yields an evolving community consensus over what must be part of any cognitive architecture for human-like intelligence. The final take concerns an even more abstract (and speculative) attempt at understanding more deeply the space of approaches to intelligence – framed as maps resulting from cross products among core cognitive dichotomies – along with how such maps may help to understand and structure the capabilities required for (human-like) intelligence.

Paul Rosenbloom is a professor of computer science in the Viterbi School of Engineering at the University of Southern California (USC) and director for cognitive architecture research at USC’s Institute for Creative Technologies (ICT). He was a member of USC’s Information Sciences Institute for two decades, ending as its deputy director, and earlier was on the faculty at Carnegie Mellon University and Stanford University (where he had a joint appointment in Computer Science and Psychology). His research concentrates on cognitive architectures (models of the fixed structures and processes that together yield a mind), the Common Model of Cognition (an attempt at developing a community consensus concerning what must be part of a human-like mind), and on computing as a scientific domain (understanding the computing sciences as akin to the physical, life and social sciences). He is a fellow of the Association for the Advancement of Artificial Intelligence (AAAI), the Association for the Advancement of Science (AAAS), and the Cognitive Science Society; and with J. Laird was recently awarded the Herbert A. Simon Prize for Advances in Cognitive Systems. He has served as councilor and conference chair for AAAI; chair of the Association for Computing Machinery Special Interest Group on Artificial Intelligence; and president of the faculty at USC.

Department of Geography and Environmental Systems

Bringing Social, Information, and Natural Sciences together to Understand Human Transformation of Earth

Dr. Earle Ellis, UMBC

12:00-1:00pm Wednesday, 25 September 2019, ITE 229

The principal investigator of a UMBC-led “massively collaborative” project published in Science Magazine will describe how archaeologists, geographers, and information science came together to show that human societies began transforming earth thousands of years earlier than known by earth scientists; evidence for an earlier anthropocene.

The UMBC Cyber Defense Lab presents

Analysis of the Secure Remote Password (SRP) Protocol Using CPSA

Erin Lanus, UMBC Cyber Defense Lab

12:00–1:00pm, Friday, 6 September 2019, ITE 227, UMBC

Joint work with Alan Sherman, Richard Chang, Enis Golaszewski, Ryan Wnuk-Fink, Cyrus Bonyadi, Mario Costa, Moses Liskov, and Edward Zieglar

Secure Remote Password (SRP) is a widely deployed password authenticated key exchange (PAKE) protocol used in products such as 1Password and iCloud Keychain. As with other PAKE protocols, the two participants in SRP use knowledge of a pre-shared password to authenticate each other and establish a session key. I will explain the SRP protocol and security goals it seeks to achieve. I will demonstrate how to model the protocol using the Cryptographic Protocol Shapes Analyzer (CPSA) tool and present my analysis of the shapes produced by CPSA.

Erin Lanus earned her Ph.D. in computer science in May 2019 from Arizona State University. Dr. Lanus is currently conducting research with Professor Sherman’s Protocol Analysis Lab at UMBC. Her previous results include how to use state to enable CPSA to reason about time in forced-latency protocols. Her research also explored algorithmic approaches to constructing combinatorial arrays employed in interaction testing and the creation of a new type of array for attribute distribution to achieve anonymous authorization in attribute-based systems. In October she will begin as a research assistant professor at Virginia Tech’s Hume Center in Northern Virginia. email:

Support for this research was provided in part by grants to CISA from the Department of Defense, CySP grants H98230-17-1-0387 and H98230-18-0321.